authorGuy Harris <guy@alum.mit.edu>2016-08-23 11:39:56 -0700
committerGuy Harris <guy@alum.mit.edu>2016-08-23 18:40:30 +0000
commit111358e51b2e3c34621e4883206813f422cdc1fd (patch)
treef92ad8a31e3a35664d89dd5f63182a3e6550d972 /epan
parent12cae9dc80a09ba0ed75b421d328143ac98a298b (diff)
Catch too-short netlink message lengths.
0 would cause an infinite loop, and any value < 16 is clearly wrong, so if we see such a packet, just show the header's length field and stop dissecting. Bug: 12776 Change-Id: Iefc56b26b83ff5424968d065bdb9fa84a7a65481 Reviewed-on: https://code.wireshark.org/review/17277 Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-netlink.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/epan/dissectors/packet-netlink.c b/epan/dissectors/packet-netlink.c
index b939adac13..50a6252c6c 100644
--- a/epan/dissectors/packet-netlink.c
+++ b/epan/dissectors/packet-netlink.c
@@ -416,6 +416,21 @@ dissect_netlink(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *_data
fh_msg = proto_tree_add_subtree(tree, tvb, offset, pkt_len, ett_netlink_msg, NULL, "Netlink message");
+ if (pkt_len < 16) {
+ /*
+ * This field includes the length of the 16-byte header,
+ * so its value is invalid. Add it, report an error,
+ * and stop trying to dissect.
+ */
+ proto_tree *fh_hdr;
+
+ fh_hdr = proto_tree_add_subtree(tree, tvb, offset, 4, ett_netlink_msghdr, NULL, "Header");
+
+ proto_tree_add_item(fh_hdr, &hfi_netlink_hdr_len, tvb, offset, 4, encoding);
+ /* XXX invalid expert */
+ break;
+ }
+
offset = dissect_netlink_hdr(tvb, fh_msg, offset, encoding, &data.type, &port_id);
/* XXX */
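Review bot: The short-length branch stops dissecting without flagging the packet: the `/* XXX invalid expert */` placeholder before `break` means a length below 16 (including the 0 that used to loop forever) is shown only as an ordinary "Header" length item, so an analyst cannot filter for these malformed messages. Keep the return value of `proto_tree_add_item()` and attach an expert item to it, e.g. `expert_add_info(pinfo, len_item, &ei_PLACEHOLDER_bad_len);`, where `ei_PLACEHOLDER_bad_len` stands for an expert field this file would have to register (none is visible in the hunk). The new "Header" subtree is also created under `tree`, whereas the normal path passes `fh_msg` to `dissect_netlink_hdr()`; if the header normally sits inside the "Netlink message" subtree, passing `fh_msg` here would keep the layout consistent. The enclosing loop in dissect_netlink starts and ends outside the hunk, so how `pkt_len` is read and whether it is also bounded from above cannot be checked from here.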